Re: Is it possible to do some damage to database with SELECT query?
| От | A. Kretschmer |
|---|---|
| Тема | Re: Is it possible to do some damage to database with SELECT query? |
| Дата | |
| Msg-id | 20080722102046.GC2742@a-kretschmer.de обсуждение |
| Ответ на | Is it possible to do some damage to database with SELECT query? ("Teemu Juntunen" <teemu.juntunen@e-ngine.fi>) |
| Ответы |
Re: Is it possible to do some damage to database with
SELECT query?
|
| Список | pgsql-general |
am Tue, dem 22.07.2008, um 12:50:31 +0300 mailte Teemu Juntunen folgendes: > Hi, First, don't hijack other threads! > > is it possible to make a SELECT query with some nasty follow up commands, > which damages the database. > > Something like: > > SELECT *,(DROP DATABASE enterprise) AS roger FROM sales WHERE sales > > (UPDATE order SET order=1); > > I know this wont work, but is there some possibility to modify database > with SELECT query? Sure, with sql-injection. There are a lot to read via google, for instance http://en.wikipedia.org/wiki/SQL_injection HTH, Andreas -- Andreas Kretschmer Kontakt: Heynitz: 035242/47150, D1: 0160/7141639 (mehr: -> Header) GnuPG-ID: 0x3FFF606C, privat 0x7F4584DA http://wwwkeys.de.pgp.net
В списке pgsql-general по дате отправления: